Hi all,
fixed in assp 2.4.6 build 15214:
- in some cases the output of the analyzer for bayesian word pairs and HMM
sequences was wrong
changed:
- the count of the calculated bayesian word pairs is increased to improve
the correctness of the bayesian check
Thomas
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

I do this in a similar way for years.
- my group is [dummy]
- I replace all addresses of the honeypot-domain one (every time the same
for each spam domain) valid local address
- nodelay has
0.0.0.0/1=>[dummy]
128.0.0.0/1=>[dummy]
[dummy] is also in hlSpamLovers - helos should never blocked for the
honeypot
if a mail is detected as spam - fine - stored - nothing wrong - but..
NOTHING TO LEARN for assp (BAD until the next complete rebuildspamdb was
finished)
if it is not detected as spam, it is delivered to the dummy user - now the
trick - the mailbox of this user has an agent, which spam-reports and
deletes any incomming mail immediatly
because the rebuild is running permanent (if configured) - assp learns
just in time the new reported spam (also for all the other real users)
>The problem is that the volume of spam is causing the sender Ip to goto
the
>extremePB.
you should disable this - it is in montor mode (early is disabled) on my
prod system
Thomas
Von: K Post <nntp.post@...>
An: ASSP development mailing list <assp-test@...>
Datum: 29.07.2015 15:18
Betreff: [Assp-test] Fwd: Honeypot addresses, any way to bypass
extremepb?
I sent this in early June to the user list, but it got no play, so I
figured that I'd give here a go.
Thanks
---------- Forwarded message ----------
From: K Post <nntp.post@...>
Date: Thu, Jun 4, 2015 at 9:34 AM
Subject: Honeypot addresses, any way to bypass extremepb?
To: For Users of ASSP <Assp-user@...>
I've setup a couple honeypot subdomains. My intention is to use them to
gather more and more varied spam messages.
This might just be a case of ASSP not being intended for this, in which
case I'll just kill the subdomains or donate them to project honeypot.
..or I could just be doing it wrong.
I have the subdomains listed in a group like this
[HONEYPOT-ADDRESSES]
@subdomain1.ourcharity.org
@subdomain2.ourcharity.org
and I have that group listed in SpamAddresses
The problem is that the volume of spam is causing the sender Ip to goto
the
extremePB.
in block reports, I see:
spam reason: (score for xxx.xxx.xxx.xxx is 645, surpassing extreme level
of
601) [--the subject--]
and as such, the messages aren't being collected.
Is there a way to tell ASSP to collect mail into the spam folder for
specific addresses? Don't process them, don't block based on IP, just
gobble up the mail, save it in spam, and give the IP a score. Maybe don't
even give the sender an error, but don't use extremepb for mails
exclusively to these addresses --like a honeypot should work.
Again, if this is a bad idea, counter to ASSP's mission / design, etc,
I'll
just ditch the concept.
------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
Assp-test@...
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

I sent this in early June to the user list, but it got no play, so I
figured that I'd give here a go.
Thanks
---------- Forwarded message ----------
From: K Post <nntp.post@...>
Date: Thu, Jun 4, 2015 at 9:34 AM
Subject: Honeypot addresses, any way to bypass extremepb?
To: For Users of ASSP <Assp-user@...>
I've setup a couple honeypot subdomains. My intention is to use them to
gather more and more varied spam messages.
This might just be a case of ASSP not being intended for this, in which
case I'll just kill the subdomains or donate them to project honeypot.
..or I could just be doing it wrong.
I have the subdomains listed in a group like this
[HONEYPOT-ADDRESSES]
@subdomain1.ourcharity.org
@subdomain2.ourcharity.org
and I have that group listed in SpamAddresses
The problem is that the volume of spam is causing the sender Ip to goto the
extremePB.
in block reports, I see:
spam reason: (score for xxx.xxx.xxx.xxx is 645, surpassing extreme level of
601) [--the subject--]
and as such, the messages aren't being collected.
Is there a way to tell ASSP to collect mail into the spam folder for
specific addresses? Don't process them, don't block based on IP, just
gobble up the mail, save it in spam, and give the IP a score. Maybe don't
even give the sender an error, but don't use extremepb for mails
exclusively to these addresses --like a honeypot should work.
Again, if this is a bad idea, counter to ASSP's mission / design, etc, I'll
just ditch the concept.

:: On Thu, 23 Jul 2015 15:00:06 +0200
:: <20150723150006.00002a7e@...>
:: Grayhat <grayhat@...> wrote:
>
> Not sure ASSP needs it, but in case, here's the main site
>
> https://publicsuffix.org/
>
> and here's the list
>
> https://publicsuffix.org/list/public_suffix_list.dat
>
> notice that it's used from (e.g.) "mozilla" and others to find out
> TLDs, also notice that the file uses some particular syntax, so some
> records may contains stuff like "*.tld" or "!prefix.tld" not a real
> problem, but better knowing it; anyhow, the list contains all the TLDs
> including the "double" ones and is constantly updated.
also, and since ASSP is written in Perl
https://github.com/usrflo/registered-domain-libs/
:)

Not sure ASSP needs it, but in case, here's the main site
https://publicsuffix.org/
and here's the list
https://publicsuffix.org/list/public_suffix_list.dat
notice that it's used from (e.g.) "mozilla" and others to find out
TLDs, also notice that the file uses some particular syntax, so some
records may contains stuff like "*.tld" or "!prefix.tld" not a real
problem, but better knowing it; anyhow, the list contains all the TLDs
including the "double" ones and is constantly updated.
HTH

>>> On Jul 22, 2015, at 1:00 PM, K Post nntp.post@... wrote:
>>> Would it be possible to have Log RE email the full line in the log which
I just turned this on the other day. Edit the /assp/lib/CorrectASSPcfg.pm file. Uncomment:
$main::AUTHLogUser = 1; # (0/1) write the username for AUTH (PLAIN/LOGIN) to maillog.txt
$main::AUTHLogPWD = 1; # (0/1) write the userpassword for AUTH (PLAIN/LOGIN) to maillog.txt
I wanted to log passwords as well (Home system) to see what crackers were using for passwords.
Doug

I've got a LogRE set for
warning: SMTP authentication failed
That way I get an email when SMTP auth fails. The Log itself shows the
offender's IP address, but not the attempted username.
The email notification shows neither the IP address or the username.
Would it be possible to have Log RE email the full line in the log which
includes the IP address? In the log it shows like this:
Jul-18-15 12:54:42 y.y.y.y warning: SMTP authentication failed on x.x.x.x
y.y.y.y is the offender's ip. x.x.x.x is out internal SMTP ip.
The email just shows
warning: SMTP authentication failed on x.x.x.x
And is there a way that you could add the offender's username in the log so
we can tell what account is trying to be hacked more easily?
Thanks

Hi all,
fixed in assp 2.4.6 build 15197:
changed:
- a file 'notes/loaded_perl_modules.txt' is created at startup, which
shows all loaded modules and there
version (if available)
a link is added to the module status page, which shows the file
- the XML-stats output (http://assp:55553/xml) got a new design
- if the runlevel priority of two Plugins overlaps, a detail report and
the actions taken to solve the overlap,
are written to the log.
The check is done at startup and at every Plugin call.
Thomas
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

Hi all,
fixed in assp 2.4.6 build 15194:
- If 'DoPrivatSpamdb' was used, the analyzer has shown more bad and good
Bayesian and HMM word combinations, than
both engines have used for the spam probability and confidence
calculation.
changed:
- If 'AUTHrequireTLS' is set and a server tries to use AUTH without using
SSL/STARTTLS, the connection is
damped for 5 seconds to prevent DDoS attacks. The value for the seconds
can be configured using the
hidden variable 'AUTHrequireTLSDelay'
our $AUTHrequireTLSDelay = 5; # (number) seconds to damp connections that
used AUTH without using SSL
(to prevent DoS)
- ASSP has used the port defined in the hidden configuration variable
'IPv6TestPort' to test the posibility
of an IPv6 listener at startup. ASSP now first tries to use the first
free highport (provided by the OS).
Only if this attempt failes, the fixed 'IPv6TestPort' is used.
- In addition to the literals 'SESSIONID', 'NOTSPAMTAG' and 'MYNAME', it
is now possible to use the literals
'IPCONNECTED' and 'IPORIGIN' in any configurable SMTP reply text.
The literal 'SESSIONID' will be replaced by the unique message logging ID
in every SMTP error reply.
The literal 'IPCONNECTED' will be replaced by the connected IP address in
every SMTP error reply.
The literal 'IPORIGIN' will be replaced by the origin IP address in every
SMTP error reply.
The literal 'NOTSPAMTAG' will be replaced by a random calculated TAG
using, in every SMTP permanent (5xx) error reply.
The literal 'MYNAME' will be replaced by the configuration value defined
in 'myName' in every SMTP error reply.
- The math to calculate the spam/ham probability and confidence is
improved. It prevents now the usage of too
small numbers.
- The spam/ham confidence graph calculation is improved by switching from
the natural logarithm to the base 10 log
- ASSP_AFC version 3.17: spam is detected, if an attachment or a
compressed file has an extension, but
the extemsion does not match the real file type (content based)
Thomas
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

Hi all,
fixed in ASSP_AFC.pm 3.16:
- the content analyze of compressed attached files was broken in version
3.15
Thomas
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

Hi all,
fixed in assp 2.4.6 build 15180:
- ASSP_ARC.pm was unable to compress (gzip) files with unicode filenames
The Plugin is not changed, the fix is in assp.pl.
- the DNS-server query order was (under certain conditions) unexpected
changed
changed:
- The mechanism to bind to universal IP-addresses (port only defintion)
for IPv6 enabled systems is changed.
the issue:
Binding a listener to both universal IP addresses (0.0.0.0 and [::]) on
a system with a disabled
'IPV6_V6ONLY' flag, the IPv6 bind has been failed on certain systems.
general changes:
The bind order for those listeners (port definition only) is changed
from 1.IPv4 - 2.IPv6 to 1.IPv6 - 2.IPv4.
system dependend changed behavior:
(1)
If the system 'IPV6_V6ONLY' IP-flag is available and it is set to zero
and it can be set/changed per socket,
assp will set the flag to '1' for each universal IPv6 listener. In this
case in addition an IPv4 universal
listener can/will be created.
(2)
If the 'IPV6_V6ONLY' flag is available and it is set to zero and it can
NOT be set/changed per socket,
assp will create the IPv6 listener [::] only. This listener is than used
by the system for IPv6 and IPv4
connections.
(3)
Systems where the 'IPV6_V6ONLY' flag is available and it is set to '1'
are not affected by this change.
(4)
If the 'IPV6_V6ONLY' IP-flag cannot be detected on a system (some
windows versions for example), assp acts the
same way, as the flag is available and set to '1' - (see 3).
Thomas
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

Hi all,
fixed in assp 2.4.6 build 15176:
- If an assp installation was migrated from a 32Bit to a 64Bit system, or
from a little-endian to a big-endian
system (or visa versa), several check results were unexpected,
unexpected exceptions happened or the script was
dying unexpected.
- after a exception in the Maintenance Worker (10000) and its restart, it
was possible that several maintenance
functions were no longer working until assp was restarted
- rereading the configuration on an idle system caused some times an
unexpected high CPU load for some seconds
- if the RBL engine detected a DNS-socket error, it returned no result
even other sockets were OK
failed DNS-sockets are now ignored and a warning is shown in the
maillog.txt
changed:
- 'maxDNSRespDist' now also accepts an empty or zero value. Both disable
the feature.
- sponsors are shown at the GUI->donation page
Thomas
ps:
Perl 5.22 is available for some weeks now. Reading the 'perldelta.pod' for
this perl release and checking the assp code, I can't find any reason, why
assp V2 should not run on perl 5.22 .
How ever, using assp with perl 5.22 is experimental. It would be nice, if
I can get some feedback, if someone tries perl 5.22.
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

>The only plugin I use is the ASSP_AFC one, so I figured make it priority
1.
This is not possible. Check your installation. Plugins must be in the
'assp/Plugins' folder - and NOWHERE ELSE inside assp and Perl. There
should NOT be any copy of a plugin in any other perl or assp 'lib' folder
(also not in there root !). It can be possible, that assp managed copies
of any file exists in the 'assp/download' folder.
.
Ken - I've no doubt - there were two plugins loaded! Possibly two times
the same - possibly different versions - possibly in renamed files?
To get this warning:
> WARNING: runlevel 'complete mail' - priority 1 is already occupied by
> plugin ASSP_AFC
at least two plugins must be registered to assp!
Notice: assp will try load any file in the 'assp/Plugins' folder, that
name starts with 'ASSP_' and has the extension .pm, as a Plugin.
Thomas
Von: K Post <nntp.post@...>
An: ASSP development mailing list <assp-test@...>
Datum: 15.06.2015 17:47
Betreff: Re: [Assp-test] Priority 1 already occupied by plugin
ASSP_AFC
The only plugin I use is the ASSP_AFC one, so I figured make it priority
1. I've set it back to 6. I don't know why the plugins start at priority
5, and it doesn't really matter - at long as the default of 6 won't cause
a
problem without lower priorities there, I'll just let it be. Thanks.
On Mon, Jun 15, 2015 at 11:13 AM, Thomas Eckardt
<Thomas.Eckardt@...
> wrote:
> The default priority settings for ALL plugins are fine. There is no and
> never was a reason to change this. If you change such a setting, you
> should know what you do and WHY!
>
> ASSP_OCR - 5
> ASSP_AFC - 6
> ASSP_Razor - 7
> ASSP_DCC - 8
> ASSP_ARC - 9
>
> To get this warning:
> > WARNING: runlevel 'complete mail' - priority 1 is already occupied by
> > plugin ASSP_AFC
> you must have change this setting for at least two plugins!?
>
> >priorities needing to be 2 or higher?
> NO! 1 is a valid value.
> The priority defines the order, in which the plugins of a runlevel
should
> be processed. If the same priority is used multiple times, the call
order
> of the plugins with the same priority will be random.
>
> Thomas
>
>
>
>
>
> Von: K Post <nntp.post@...>
> An: ASSP development mailing list <assp-test@...>
> Datum: 15.06.2015 16:30
> Betreff: Re: [Assp-test] Priority 1 already occupied by plugin
> ASSP_AFC
>
>
>
> Ok, updated to 2. Maybe update the GUI to indicate that (and maybe trap
> for?) priorities needing to be 2 or higher?
>
> Thanks
>
> On Mon, Jun 15, 2015 at 1:52 AM, Thomas Eckardt
> <Thomas.Eckardt@...>
> wrote:
>
> > Priority 1 is not used in runlevel 2 ('complete mail') by any Plugin
per
> > default.
> > Reset the priority values of all used runlevel 2 Plugins to there
> default.
> >
> > Thomas
> >
> >
> >
> >
> >
> > Von: K Post <nntp.post@...>
> > An: ASSP development mailing list
<assp-test@...>
> > Datum: 04.06.2015 19:42
> > Betreff: [Assp-test] Priority 1 already occupied by plugin
> ASSP_AFC
> >
> >
> >
> > I'm seeing this every once in a while. Any reason for concern?
> >
> > WARNING: runlevel 'complete mail' - priority 1 is already occupied by
> > plugin ASSP_AFC
> >
> >
>
>
------------------------------------------------------------------------------
> > _______________________________________________
> > Assp-test mailing list
> > Assp-test@...
> > https://lists.sourceforge.net/lists/listinfo/assp-test
> >
> >
> >
> >
> >
> >
> > DISCLAIMER:
> > *******************************************************
> > This email and any files transmitted with it may be confidential,
> legally
> > privileged and protected in law and are intended solely for the use of
> the
> >
> > individual to whom it is addressed.
> > This email was multiple times scanned for viruses. There should be no
> > known virus in this email!
> > *******************************************************
> >
> >
> >
>
>
------------------------------------------------------------------------------
> > _______________________________________________
> > Assp-test mailing list
> > Assp-test@...
> > https://lists.sourceforge.net/lists/listinfo/assp-test
> >
>
>
------------------------------------------------------------------------------
> _______________________________________________
> Assp-test mailing list
> Assp-test@...
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
legally
> privileged and protected in law and are intended solely for the use of
the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
>
------------------------------------------------------------------------------
> _______________________________________________
> Assp-test mailing list
> Assp-test@...
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
Assp-test@...
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

The default priority settings for ALL plugins are fine. There is no and
never was a reason to change this. If you change such a setting, you
should know what you do and WHY!
ASSP_OCR - 5
ASSP_AFC - 6
ASSP_Razor - 7
ASSP_DCC - 8
ASSP_ARC - 9
To get this warning:
> WARNING: runlevel 'complete mail' - priority 1 is already occupied by
> plugin ASSP_AFC
you must have change this setting for at least two plugins!?
>priorities needing to be 2 or higher?
NO! 1 is a valid value.
The priority defines the order, in which the plugins of a runlevel should
be processed. If the same priority is used multiple times, the call order
of the plugins with the same priority will be random.
Thomas
Von: K Post <nntp.post@...>
An: ASSP development mailing list <assp-test@...>
Datum: 15.06.2015 16:30
Betreff: Re: [Assp-test] Priority 1 already occupied by plugin
ASSP_AFC
Ok, updated to 2. Maybe update the GUI to indicate that (and maybe trap
for?) priorities needing to be 2 or higher?
Thanks
On Mon, Jun 15, 2015 at 1:52 AM, Thomas Eckardt
<Thomas.Eckardt@...>
wrote:
> Priority 1 is not used in runlevel 2 ('complete mail') by any Plugin per
> default.
> Reset the priority values of all used runlevel 2 Plugins to there
default.
>
> Thomas
>
>
>
>
>
> Von: K Post <nntp.post@...>
> An: ASSP development mailing list <assp-test@...>
> Datum: 04.06.2015 19:42
> Betreff: [Assp-test] Priority 1 already occupied by plugin
ASSP_AFC
>
>
>
> I'm seeing this every once in a while. Any reason for concern?
>
> WARNING: runlevel 'complete mail' - priority 1 is already occupied by
> plugin ASSP_AFC
>
>
------------------------------------------------------------------------------
> _______________________________________________
> Assp-test mailing list
> Assp-test@...
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
legally
> privileged and protected in law and are intended solely for the use of
the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
>
>
>
------------------------------------------------------------------------------
> _______________________________________________
> Assp-test mailing list
> Assp-test@...
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
Assp-test@...
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

>I'm testing DNSServerLimit is set to ONE.
Set this value at least to TWO.
Thomas
Von: K Post <nntp.post@...>
An: ASSP development mailing list <assp-test@...>
Datum: 14.06.2015 16:11
Betreff: [Assp-test] NO_NAME_SERVER_GIVEN
We've got 3 local (relatively fast, very stable) windows dns servers.
In an effort to reduce network traffic internally and externally by
limiting DNS queries where reasonable, I'm testing DNSServerLimit is set
to
ONE. I feel like this will generally be sufficient, if for some reason a
DNS server is temporarily down, assp should be smart enough to use another
(right?) - I don't think this will be a problem in our environment. I'm
taking the weekend to confirm that suspicion.
The 3 dns servers are listed in DNSServers in ASSP, use local DNS is
unchecked, DNSResponseLog is checked, and DebugSPF is checked (for testing
purposes).
Things >>appear<< to be working fine, but when I applied these changes, I
got this in the logs:
Jun-14-15 09:57:42 Info: DNSResolverSend: caller:
Net::DNS::Resolver::Base,
468, sourceforge.net
Jun-14-15 09:57:42 Info: Name Server x.x.x.53: ResponseTime = 2 ms for
sourceforge.net
Jun-14-15 09:57:42 Info: DNSResolverSend: caller:
Net::DNS::Resolver::Base,
468, sourceforge.net
Jun-14-15 09:57:42 Info: Name Server x.x.x.52: ResponseTime = 2 ms for
sourceforge.net
Jun-14-15 09:57:42 Info: DNSResolverSend: caller:
Net::DNS::Resolver::Base,
468, sourceforge.net
Jun-14-15 09:57:42 Info: Name Server x.x.x.51: ResponseTime = 1 ms for
sourceforge.net
*Jun-14-15 09:57:42 Info: DNSresolverTimeS timed out*
*Jun-14-15 09:57:42 Info: NO_NAME_SERVER_GIVEN - closing existing DNS
sockets*
*Jun-14-15 09:57:42 Info: DNSresolverTimeS timed out*
*Jun-14-15 09:57:42 Info: NO_NAME_SERVER_GIVEN - closing existing DNS
sockets*
*Jun-14-15 09:57:42 Info: DNSresolverTimeS timed out*
*Jun-14-15 09:57:42 Info: NO_NAME_SERVER_GIVEN - closing existing DNS
sockets*
So ASSP is testing all 3 servers as it should to decide which one should
be
used until the next test or failure. But what does "DNSresolverTimeS
timed
out" mean?
Why does it say NO_NAME_SERVER_GIVEN?
And I am now seeing:
Jun-14-15 10:01:06 Info: DNSresolverTimeS timed out
Jun-14-15 10:01:06 Info: NO_NAME_SERVER_GIVEN - closing existing DNS
sockets
frequently.
------------------------------------------------------------------------------
_______________________________________________
Assp-test mailing list
Assp-test@...
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************

14 messages has been excluded from this view by a project administrator.